information systems

Gordon B. Davis, John T. Gorgone, J. Daniel Couger, David L. Feinstein, Herbert E. Longenecker
Software security: Application security support in the operating system kernel
Manigandan Radhakrishnan, Jon A. Solworth 

March 2006 Proceedings of the 2006 ACM Symposium on Information, computer and communications security ASIACCS '06

Publisher: ACM Press 


Application security is typically coded in the application. In kernelSec, we are investigating mechanisms to implement application security in an operating system kernel. The mechanisms are oriented towards providing authorization properties, and this goal drives the design of permissions and protection mechanisms. The resulting system is dynamic, allowing the set of permissions for a program to evolve during program execution. This reduces the need for users and applications to be aware o ...

Keywords: access controls, authorization, authorization properties, information flow, 
operating systems, separation of duty 



3 Analysis and verification: MECA: an extensible, expressive system and language for statically checking security properties
Junfeng Yang, Ted Kremenek, Yichen Xie, Dawson Engler 
October 2003 Proceedings of the 10th ACM conference on Computer and communications security CCS '03

Publisher: ACM Press 


This paper describes a system and annotation language, MECA, for checking security 
rules. MECA is expressive and designed for checking real systems. It provides a variety of 
practical constructs to effectively annotate large bodies of code. For example, it allows 
programmers to write programmatic annotators that automatically annotate large bodies 
of source code. As another example, it lets programmers use general predicates to 
determine if an annotation is applied; we have used this ability to ... 

Keywords: annotation language, static analysis 
4 MANTIS OS: an embedded multithreaded operating system for wireless micro sensor platforms

Shah Bhatti, James Carlson, Hui Dai, Jing Deng, Jeff Rose, Anmol Sheth, Brian Shucker, Charles Gruenwald, Adam Torgerson, Richard Han

August 2005 Mobile Networks and Applications, Volume 10 Issue 4 

Publisher: Kluwer Academic Publishers


The MANTIS MultimodAl system for NeTworks of In-situ wireless Sensors provides a new
multithreaded cross-platform embedded operating system for wireless sensor networks. 
As sensor networks accommodate increasingly complex tasks such as 
compression/aggregation and signal processing, preemptive multithreading in the MANTIS 
sensor OS (MOS) enables micro sensor nodes to natively interleave complex tasks with 
time-sensitive tasks, thereby mitigating the bounded buffer producer-consumer problem. 
To ac ... 

Keywords: cross-platform, dynamic reprogramming, embedded operating system, 
lightweight, low power, multithreaded, sensor networks 



5 Session 31: secure systems: VIRTUS: a new processor virtualization architecture for security-oriented next-generation mobile terminals
Hiroaki Inoue, Akihisa Ikeno, Masaki Kondo, Junji Sakai, Masato Edahiro 
July 2006 Proceedings of the 43rd annual conference on Design automation DAC '06
Publisher: ACM Press 


We propose a new processor virtualization architecture, VIRTUS, to provide a dedicated 
domain for pre-installed applications and virtualized domains for downloaded native 
applications. With it, security-oriented next-generation mobile terminals can provide any 
number of domains for native applications. VIRTUS features three new technologies: VMM 
asymmetrization, dynamic inter-domain communication and virtualization-assist logic, and 
it is first in the world to virtualize an ARM-based multiproces ... 

Keywords: multiprocessor, processor virtualization 
Session 3: Energy-aware OS's: Every joule is precious: the case for revisiting operating system design for energy efficiency
Amin Vahdat, Alvin Lebeck, Carla Schlatter Ellis 

September 2000 Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system EW 9

Publisher: ACM Press 


By some estimates, there will be close to one billion wireless devices capable of Internet 
connectivity within five years, surpassing the installed base of traditional wired compute 
devices. These devices will take the form of cellular phones, personal digital assistants 
(PDA's), embedded processors, and "Internet appliances". This proliferation of networked 
computing devices will enable a number of compelling applications, centering around 
ubiquitous access to global information serv ... 

Session summaries from the 17th symposium on operating systems principles (SOSP'99)

Jay Lepreau, Eric Eide 

April 2000 ACM SIGOPS Operating Systems Review, Volume 34 Issue 2 
Publisher: ACM Press 




Digest of proceedings seventh IEEE workshop on hot topics in operating systems March 29-30 1999, Rio Rico, AZ

October 1999 ACM SIGOPS Operating Systems Review, Volume 33 Issue 4

The Seventh IEEE Workshop on Hot Topics in Operating Systems was held on March 29-30
1999 at the Rio Rico Resort & Country Club, south of Tucson, Arizona. The General 
Chair, Peter Druschel, and the Local Arrangements Chair, John Hartman, had gone to 
considerable effort to make the operation of the workshop smooth and pleasant for the 
participants. The secluded desert locale, the effect of brilliant sunshine and blue skies on 
winter-jaded northerners, and the enthusiasm and energy of the ... 

Security and reliability: Live updating operating systems using virtualization

Haibo Chen, Rong Chen, Fengzhe Zhang, Binyu Zang, Pen-Chung Yew 

June 2006 Proceedings of the second international conference on Virtual execution environments VEE '06
Publisher: ACM Press 


Many critical IT infrastructures require non-disruptive operations. However, the operating 
systems thereon are far from perfect that patches and upgrades are frequently applied, in 
order to close vulnerabilities, add new features and enhance performance. To mitigate the 
loss of availability, such operating systems need to provide features such as live update 
through which patches and upgrades can be applied without having to stop and reboot the 
operating system. Unfortunately, most current live ... 

Keywords: availability, live update, operating system, virtualization 



10 Applications and compliance: Virtual monotonic counters and count-limited objects using a TPM without a trusted OS

Luis F. G. Sarmenta, Marten van Dijk, Charles W. O'Donnell, Jonathan Rhodes, Srinivas Devadas

November 2006 Proceedings of the first ACM workshop on Scalable trusted computing STC '06

Publisher: ACM Press 

A trusted monotonic counter is a valuable primitive that enables a wide variety of highly 
scalable offline and decentralized applications that would otherwise be prone to replay 
attacks, including offline payment, e-wallets, virtual trusted storage, and digital rights 
management (DRM). In this paper, we show how one can implement a very large number 
of virtual monotonic counters on an untrusted machine with a Trusted Platform Module 
(TPM) or similar device, without relying on a trusted OS ... 

Keywords: certified execution, e-wallet, memory integrity checking, key delegation, stored-value, trusted storage



11 Operating systems: t-kernel: providing reliable OS support to wireless sensor networks

Lin Gu, John A. Stankovic 

October 2006 Proceedings of the 4th international conference on Embedded networked sensor systems SenSys '06

Publisher: ACM Press 


The development of a reliable large-scale wireless sensor network (WSN) is very difficult 
because of resource constraints, energy budget, and demanding application requirements. 
Three OS features (OS protection, virtual memory, and preemptive scheduling) can
significantly improve the reliability of WSN systems and facilitate developing complex WSN 
software. However, due to the lack of hardware support for privileged execution and 
address translation, it is impossible to implement these features wi ... 

Keywords: OS protection, binary translation, low-power systems, virtual memory, 
wireless sensor networks 
Security: Raksha: a flexible information flow architecture for software security

June 2007 Proceedings of the 34th annual international conference on Computer architecture ISCA '07

Publisher: ACM Press 


High-level semantic vulnerabilities such as SQL injection and cross-site scripting have
surpassed buffer overflows as the most prevalent security exploits. The breadth and 
diversity of software vulnerabilities demand new security solutions that combine the speed 
and practicality of hardware approaches with the flexibility and robustness of software 
systems. 

This paper proposes Raksha, an architecture for software security based on dynamic 
information flow tracking (DIFT). Raksha provide ... 

Keywords: dynamic, semantic vulnerabilities, software security 



13 Labels and event processes in the Asbestos operating system

Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazieres, Frans Kaashoek, Robert Morris

October 2005 ACM SIGOPS Operating Systems Review, Proceedings of the twentieth ACM symposium on Operating systems principles SOSP '05, Volume 39 Issue 5

Publisher: ACM Press 


Asbestos, a new prototype operating system, provides novel labeling and isolation 
mechanisms that help contain the effects of exploitable software flaws. Applications can 
express a wide range of policies with Asbestos's kernel-enforced label mechanism,
including controls on inter-process communication and system-wide information flow. A 
new event process abstraction provides lightweight, isolated contexts within a single 
process, allowing the same process to act on behalf of multiple users while ... 

Keywords: event processes, information flow, labels, mandatory access control, secure 
web servers 



14 Security and reliability: A feather-weight virtual machine for Windows applications
Yang Yu, Fanglu Guo, Susanta Nanda, Lap-chung Lam, Tzi-cker Chiueh 
June 2006 Proceedings of the second international conference on Virtual execution environments VEE '06
Publisher: ACM Press 


Many fault-tolerant and intrusion-tolerant systems require the ability to execute unsafe 
programs in a realistic environment without leaving permanent damages. Virtual machine 
technology meets this requirement perfectly because it provides an execution 
environment that is both realistic and isolated. In this paper, we introduce an OS level 
virtual machine architecture for Windows applications called Feather-weight Virtual 
Machine (FVM), under which virtual machines share as many resources ... 

Keywords: copy on write, mobile code security, namespace virtualization, system call 
interception, virtual machine 



15 Operating system enhancements to prevent the misuse of system calls
Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancini 
November 2000 Proceedings of the 7th ACM conference on Computer and communications security CCS '00
Publisher: ACM Press 

Keywords: Linux, access control database, buffer overflow based attacks, isolation, 
system calls interception 
16 Selected writings on computing: a personal perspective
Edsger W. Dijkstra 
January 1982 Book 

Publisher: Springer-Verlag New York, Inc.


Since the summer of 1973, when I became a Burroughs Research Fellow, my life has been very different from what it had been before. The daily routine changed: instead of going to the University each day, where I used to spend most of my time in the company of others, I now went there only one day a week and was most of the time (that is, when not travelling!) alone in my study. In my solitude, mail and the written word in general became more and more important. The circumstance that my employe ...

Bugs as deviant behavior: a general approach to inferring errors in systems code
Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, Benjamin Chelf 
October 2001 ACM SIGOPS Operating Systems Review, Proceedings of the eighteenth ACM symposium on Operating systems principles SOSP '01, Volume 35 Issue 5

Publisher: ACM Press 


A major obstacle to finding program errors in a real system is knowing what correctness 
rules the system must obey. These rules are often undocumented or specified in an ad 
hoc manner. This paper demonstrates techniques that automatically extract such checking 
information from the source code itself, rather than the programmer, thereby avoiding the 
need for a priori knowledge of system rules. The cornerstone of our approach is inferring
programmer "beliefs" that we then cross-check for contradict ... 

18 Operating systems security: Gray-box extraction of execution graphs for anomaly detection

Debin Gao, Michael K. Reiter, Dawn Song 

October 2004 Proceedings of the 11th ACM conference on Computer and communications security CCS '04

Publisher: ACM Press 


Many host-based anomaly detection systems monitor a process by observing the system 
calls it makes, and comparing these calls to a model of behavior for the program that the 
process should be executing. In this paper we introduce a new model of system call 
behavior, called an execution graph. The execution graph is the first such model
that both requires no static analysis of the program source or binary, and conforms to the 
control flow graph of the program. When used as the m ... 

Keywords: anomaly detection, control flow graph, intrusion detection, system call 
monitor 



19 Security: New cache designs for thwarting software cache-based side channel attacks
Zhenghong Wang, Ruby B. Lee

June 2007 Proceedings of the 34th annual international conference on Computer architecture ISCA '07

Publisher: ACM Press 


Software cache-based side channel attacks are a serious new class of threats for 
computers. Unlike physical side channel attacks that mostly target embedded 
cryptographic devices, cache-based side channel attacks can also undermine general 
purpose systems. The attacks are easy to perform, effective on most platforms, and do 
not require special instruments or excessive computation power. In recently demonstrated 
attacks on software implementations of ciphers like AES and RSA, the full key can ...

Keywords: cache, computer architecture, processor, security, side channel, timing 
attacks 
Formalizing the safety of Java, the Java virtual machine, and Java card
Pieter H. Hartel, Luc Moreau
December 2001 ACM Computing Surveys (CSUR), Volume 33 Issue 4
Publisher: ACM Press 


We review the existing literature on Java safety, emphasizing formal approaches, and the 
impact of Java safety on small footprint devices such as smartcards. The conclusion is that 
although a lot of good work has been done, a more concerted effort is needed to build a 
coherent set of machine-readable formal models of the whole of Java and its 
implementation. This is a formidable task but we believe it is essential to build trust in 
Java safety, and thence to achieve ITSEC level 6 or Common Crite ... 

Keywords: Common criteria, programming 